On Thu, 30 Dec 2004 23:58:00 GMT, null.RemoveThis@zilch.com wrote:
>On Thu, 30 Dec 2004 17:43:24 -0500, "Roger Wilco"
>> Oversnipped wrote
>>> I once tried to send them a file that was infected. Their reply
>>> was that it was a "trojan horse" not a virus, so they refused
>>> to do anything about it.
>>...judging an AV by how well it detects trojans is a little like
>>judging cars by how well they float.
>Some av products detect many thousands of Trojans and
>stay right on top of new ones found in the wild. AV is no longer anti
>_virus_. It's anti _malware_ and has been for quite some time now.
Yes; we have come to expect different things from an av.
I expect an av to detect all traditional (i.e. non-commercial)
malware, be they trojans, worms or viruses. After all, some detect
keygens and other tools the user may actually want; they really should
detect off-the-peg software stealthed in that the user doesn't want.
When it comes to post-penetration scanning, I expect a formal av (e.g.
F-Prot for DOS) to detect every malware that may be unsafe or
impossible to detect from within Windows. And yes, I find F-Prot for
DOS still misses some non-commercial RATs to this day, and though they
improved their reporting, F-Prot still uses generic descriptions
rather than specific names for many of the trojans it does detect.
Commercial malware is another matter; traditional av can be expected
to be weak on this, and though some are improving, I'd still use
AdAware, Spybot and HiJackThis for these. A problem with relying on a
single tool for commercial malware, is that the scanner may be
compelled to drop detection of a particular cm due to legal pressure.
>---------- ----- ---- --- -- - - - -
"He's such a character!"
' Yeah - CHAR(0) '
>---------- ----- ---- --- -- - - - -